Forum Discussion

CX_280703
Jan 16, 2017

IdP SAML Looping with "Session Deleted (Internal_Cause)" message

Hey there,

So I have an F5 APM set up as a SAML IdP for SSO to third parties. I have recently noticed some weird behaviour in the APM Reports.

I can see a lot of sessions that look to be OK; they enter the policy and go down the right path, then they end with:

Session deleted (internal_cause)

The same users seem to be looping through this, then starting a new session straight away and going through again. The same user could loop through 100 times in a couple of minutes, starting a new session each time.

What does the Session deleted message mean? I have never seen this before, and now I see it a lot in my logs/reports.

Many Thanks


2 Replies

  • My answer is not specific to SAML, but I have seen this error message logged when there is no pool associated with the virtual server that is performing the APM login. Even if you are doing multi-domain authentication, the primary entry point needs a pool defined.

    The workaround I use is to define a pool without monitoring, containing a dummy node; it cannot be empty.

  • Hi,

    This kind of message can be normal, for example when your session reaches the "Maximum Session Timeout" or "Inactivity Timeout" ...

    So when you encounter this kind of message, that does not necessarily mean that there was a problem.

    How many applications are attached to your IDP?

    And can you confirm that your IDP works fine normally?

    Regards